The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Understanding SOA Security Design and Implementation

Posted by Xavier Ashe on October 3, 2007

Securing access to information is important to any business. Security
becomes even more critical for implementations structured according to
Service Oriented Architecture (SOA) principles, due to loose coupling
of services and applications, and their possible operations across
trust boundaries. To enable a business so that its processes and
applications are flexible, you must start by expecting changes – both
to process and application logic, as well as to the policies associated
with them. Merely securing the perimeter is not sufficient for a
flexible on demand business.

In this redbook security is factored into the SOA life cycle reflecting
the fact that security is a business requirement, and not just a
technology attribute. We discuss a SOA security model that captures the
essence of security services and securing services. These approaches to
SOA security are discussed in the context of some scenarios, and
observed patterns. We also discuss a reference model to address the
requirements, patterns of deployment, and usage, and an approach to an
integrated security management for SOA.

This book is a valuable resource to senior security officers, architects, and security administrators.

Download the RedBook here.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: